Re: Buster without systemd?
deloptes writes: > but I do not have systemd-networkd or -resolved installed There are no separate packages for systemd-networkd and -resolved; they are shipped as part of the systemd package, but are not enabled by default. You have enable and configure them for them to do anything. Ansgar
Re: Buster without systemd?
kjo...@poczta.onet.pl (Kamil Jońca) writes:
> deloptes writes:
>> Kamil Jońca wrote:
>>> But always try :) systemd-resolved also.
>>>
>>> I lost a lot of time struggling with systemd-resoved (I wasn't aware of
>>> its existence), guessing why my dnsmasq stopped working properly.
>>>
>>> I simply like unix approach ("do one thing") and systemd is against it.
>>
>> I think you just did not want to read the documentation before trying it.
> As I said: I did not know that systemd-resolved install with some
> upgrade, and then takes my dns resolving.
Because it doesn't.
> When I realised existence of it, I turned it off immediately.
Then you must have enabled it first.
> And my task:
>
> How can I configure resolved to do something like:
> eth - interface
> tun1 - interface to vpn1 with domains a, b, c
> tun2 - interface to vpn2 with domains d, e
>
> I want to resolve domains a,b,c with dns server in vpn1 and domains d,e
> with server in vpn2.
>
> Can I do it with resolved?
+---
| Domains=: A whitespace-separated list of domains which should be
| resolved using the DNS servers on this link.
+---
sounds like it might be what you want.
Ansgar
Re: Running sudo without being in sudo group.
aprekates writes: > In https://wiki.debian.org/sudo it says: > > In order for a user to run sudo, the user must belong to group=sudo. > > But i see that adding a line in /etc/sudoers can allow me execute sudo > without being in the sudo group. > > Do i miss sth or the wiki miss sth? The Wiki isn't correct. Debian's default configuration of sudo allows all users in the `sudo` group to run whatever they want: # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL But any other use of sudo, that is any custom rules, doesn't require the user to be in the `sudo` group. I've updated the Wiki to say Debian's default configuration allows users in the sudo group to run any command via sudo. instead. Please remember that anyone can improve it ;-) Ansgar
Re: systemd ignoring KillUserProcesses=no
Camilo Alejandro Arboleda writes: > I'm running Debian testing with Linux 5.2, Gnome 3.34.1 and systemd 242. At > some point the last month systemd stopped honoring the > "KillUserProcesses=no" setting in /etc/systemd/logind.conf. Now all > processes get killed and googling shows nothing. > > Not sure if it is a bug in debian, upstream, or just a new unducommented > "feature." Any idea how to debug it? GNOME recently moved more stuff to user services that are managed by the `systemd --user` instance. Maybe your processes now run there and are stopped as part of the .service unit? `systemd-cgls` shows the cgroups and which processes run where. Ansgar
Re: Default Debian install harassed me
Carl Fink writes: > From his writing style, I get the feeling goleo is a young teen, perhaps > someone who learned social skills in a multiplayer game online. Or a hateful older person who is afraid of this new "video game" stuff and made up his mind that playing video games makes people abusive, just as TV, movies and earlier books did as was so correctly predicted by the older people at the time ;-) Ansgar
Re: Peculiar terminology for gnupg2 options.
Hi, pe...@easthope.ca writes: > A current update gives this note. > "gnupg2 (2.2.12-1+deb10u1) buster; urgency=medium > ... default to self-sigs-only. > ... > keyserver-options no-self-sigs-only" > > If the default is self-sigs-only why is the option set to no-self-sigs-only? The new default is self-sigs-only, the entry explains that one would need to set "keyserver-options no-self-sigs-only" to revert to the behavior of older versions of GnuPG. Ansgar
Re: Using ftp as apt-method: How to configure
Johann Spies writes: > We have a server in the DMZ with only connection to a ftp-server on campus > for updates. No http(s) service available for apt. I would recommend to use HTTP for that purpose. > My problem: Where do I put that? I have tried the following: > > Created an /etc/apt.conf with > Dir::Bin::Methods::ftp; > as the only line. It should be /etc/apt/apt.conf and something like Dir::Bin::Methods::ftp "ftp"; or so. Ansgar
Re: Buster install
Curt Howland writes: > I know some kinks will work out, but seriously, /sbin is not in root's > path by default? /sbin is in root's path by default. However Debian now uses a different implementation of `su` which no longer changes PATH by default: +--- | - new 'su' (with no args, i.e. when preserving the environment) also | preserves PATH and IFS, while old su would always reset PATH and IFS | even in 'preserve environment' mode. | [...] | The first difference is probably the most user visible one. Doing | plain 'su' is a really bad idea for many reasons, so using 'su -' is | strongly recommended to always get a newly set up environment similar | to a normal login. +---[ /usr/share/doc/util-linux/NEWS.Debian.gz ] Ansgar
Re: How Buster release may affect Unstable?
Default User writes: > Or something like > systemd infects the distribution or its rate of metastasis accelerates, I think we should make systemd mandatory; it would help make Debian a more welcoming distribution by making toxic people hopefully finally go away. Ansgar
Re: Unreliable systemd user service
Aidan Gauland writes: > I have a user service for running xautolock that does not start on login > reliably, and I have no idea why, because there is no error message, > just an exit code of 1. (Unit file and output of systemctl status > attached.) Any suggestions on what to do next to troubleshoot this? I would guess `xautolock` might be started before X is running/accessible by your user. Does the journal contain any useful log messages? Note that there is a race condition that some messages might not be logged as part of the user service[1], so you might have to check all log messages and cannot rely on journalctl's `--user-unit` option. Ansgar [1] https://github.com/systemd/systemd/issues/2913
Re: libpam-ck-connector missing
Hans writes: > I am running denbian/testing and dicovered, that /var/log/auth.log is got > spammed with the message, that /lib/security/pam_ck_connector.so is missing. > > And yes, it is really missing. However, libpam-ck-connector can not be > installed (due to dependencies of systemd). pam_ck_connector belongs to consolekit which is no longer supported. Is libpam-ck-connector still partly installed? What does `dpkg -l libpam-ck-connector` say? Is pam_ck_connector still used anywhere in /etc/pam.d/*? Ansgar
Re: Configure your PC to contribute to Debian community
Vipul writes: > I've been using Debian from couples of years but haven't contributed > yet back to community. I want to contribute to Debian by maintaining > packages and fixing bugs. Since I'm using Debian for work purpose also > so, I don't want to mess-up with my system by installing unstable > packages or libraries. Is there a way to get isolation for work & > contribution purpose to keep yourself organized > I can get isolation by using Docker image or install one more copy > of Debian in PC and switch between them but that would be painful. I > want to hear from contributors & maintainers Which method they are > using or prefer to get isolation? You can use pretty much anything you prefer; it also depends on what you are using it for: there is no single solution for all needs. If you are already familiar with Docker, using that as a container for development or for building packages is fine. There is also the "whalebuilder" program to build Debian packages using Docker; it should be comparable to pbuilder or sbuild (I haven't used whalebuilder myself though). Using schroot is also okay; though Docker provides more isolation and might be easier to use. I'm using systemd-nspawn for running full systems including multiple services (daemons); Docker or schroot usually only run one program in a container. There are also alternatives like lxc. Finally for most isolation there are virtual machines; they provide even more isolation, but are also more complicated to use (transferring files, changing resource allocations (disk size, RAM), initial setup). Though if you try potentially destructive things, doing so in a VM is probably much better than breaking your production system :-) Ansgar
Re: "missing pubkey" for buster-security
Harald Dunkel writes: > I am running a local mirror of the security.debian.org > repository for in-house use. It seems to be available for > Buster as well, except that there is an error message > > ERROR: Condition '7638D0442B90D010' not fulfilled for > '/var/www/official/lists/buster-security_buster%2Fupdates_InRelease'. > Signatures in > '/var/www/official/lists/buster-security_buster%2Fupdates_InRelease': > '9D6D8F6BC857C906' (signed 2019-05-03): missing pubkey > 'AA8E81B4331F7F50' (signed 2019-05-03): missing pubkey > Error: Not enough signatures found for remote repository > buster-security (http://security.debian.org buster/updates)! > There have been errors! These keys are already in the debian-archive-keyring package (in testing/unstable): +--- | $ gpg --no-default-keyring --keyring /usr/share/keyrings/debian-archive-keyring.gpg --list-keys 7638D0442B90D010 9D6D8F6BC857C906 AA8E81B4331F7F50 | pub rsa4096 2014-11-21 [SC] [expires: 2022-11-19] | 126C0D24BD8A2942CC7DF8AC7638D0442B90D010 | uid [ full ] Debian Archive Automatic Signing Key (8/jessie) | | pub rsa4096 2014-11-21 [SC] [expires: 2022-11-19] | D21169141CECD440F2EB8DDA9D6D8F6BC857C906 | uid [ full ] Debian Security Archive Automatic Signing Key (8/jessie) | | pub rsa4096 2017-05-22 [SC] [expires: 2025-05-20] | 6ED6F5CB5FA6FB2F460AE88EEDA0D2388AE22BA9 | uid [ full ] Debian Security Archive Automatic Signing Key (9/stretch) | sub rsa4096 2017-05-22 [S] [expires: 2025-05-20] | 379483D8B60160B155B372DDAA8E81B4331F7F50 +--- Your condition requires the security archive to be signed with the main archive key; that is wrong. The 9/stretch keys are fairly new and were announced in [1]. [1] https://lists.debian.org/debian-devel-announce/2019/04/msg8.html > These keys are unknown on keyserver as well: > > # apt-key adv --keyserver keyring.debian.org --recv-keys 9D6D8F6BC857C906 keyring.d.o only has developer keys, not any of the other keys Debian might be using. I recommend getting them either from the debian-archive-keyring package or the locations referred to in the announcement; they should also be available on other keyservers. I would also recommend using the full fingerprint instead of shorter keyids. Ansgar
Re: A call to drop gnome as the default desktop
Keith Bainbridge writes: > I see the point that people who like gnome should be allowed to use it > - > so withdraw the drop gnome from debian. I believe the change to the > subject line will keep the discussion together. I'll re-send if it > opens a new topic. Why should GNOME not stay the default desktop? Because it supports using either of Wayland or X11? To quote your original mail this was one of the two main reasons you proposed GNOME to be dropped after all (besides not being able to move some toolbar): | [...] gnome is insisting that we like a new video process, just | because the team have decided to like it lots. | | I say this is NOT freedom. How is supporting *only* X11 freedom, but supporting *both* Wayland and X11 NOT freedom? Wouldn't it be more logical to drop all desktop environments that support *only* X11 to give more freedom? Ansgar
Re: A call to drop gnome
Gene Heskett writes: > On Tuesday 16 April 2019 13:32:38 Ansgar Burchardt wrote: >> Gene Heskett writes: >> > Where the heck in its confusing menu's can I find a tab supporting >> > terminal so I can get something done? Go ahead, find it, my coffee >> > needs to cool anyway.. >> >> You press the magic Super key, then type "Terminal" on the keyboard >> (or at least the beginning), then press Enter. GNOME feels pretty >> much designed to not be used by a mouse alone ;-) > > And that magic Super key is? https://en.wikipedia.org/wiki/Super_key_(keyboard_button) On many keyboards it is also known as this: https://en.wikipedia.org/wiki/Windows_key In my opinion GNOME is not really usable without using that key, so that might partly explain you being uncomfortable with it. > And does it do tabs? https://en.wikipedia.org/wiki/GNOME_Terminal#Tabs Ansgar
Re: A call to drop gnome
Gene Heskett writes: > Where the heck in its confusing menu's can I find a tab supporting > terminal so I can get something done? Go ahead, find it, my coffee needs > to cool anyway.. You press the magic Super key, then type "Terminal" on the keyboard (or at least the beginning), then press Enter. GNOME feels pretty much designed to not be used by a mouse alone ;-) Ansgar
Re: GPG-Fehler mit debmirror und wheezy-proposed-updates
Todd Fleisher writes: > I’m seeing this as well and suspect it is due to the GPG sub-key > ADD6B7E2 having been revoked. I am not sure why this has been done, > perhaps ftpmaster can provide some context? ADD6B7E2 is an encryption subkey. As this is not used, it was revoked later (in 2014). Newer archive signing keys no longer have an encryption subkey generated. Ansgar
Re: Expired GPG keys of older release
writes: > On Wed, Jun 20, 2018 at 10:37:19AM -0700, Don Armstrong wrote: >> In theory, [allow-weak=yes] should work, but I haven't actually tested >> this. > > Since it seems that an archived Debian release is bound to have an > expired key, would you agree that it'd be useful to have an option > to accept such a key? But a user of an archived Debian release wouldn't get an updated apt which includes this new option. :-) By the time Debian oldoldoldstable includes this option, the end of UNIX time might already be so clone that oldoldoldstable software wants a date safely in the past and one has to fake system time. That would make the keys unexpired at the same time. Ansgar
Re: Removing libsystemd0 from a non-systemd system
David Griffith writes: > On Sun, 6 May 2018, The Wanderer wrote: >> On 2018-05-06 at 21:25, David Griffith wrote: >> >>> What's the point of allowing libsystemd0 to exist when systemd has >>> been purged? >> >> So that programs which interface with systemd can detect whether or not >> systemd is present, and fall back to alternate code paths when it's not. >> >> As I understand matters (without having actually dug into the code), >> that detection code literally is what libsystemd0 *is*; when systemd is >> present, it passes through function calls to be handled in appropriate >> places, and when systemd is not present, it returns an appropriate >> default or failure value. > > I was under the impression that systemd-shim provided this > functionality. No, that's wrong. > When I look at > https://packages.debian.org/stretch/systemd-shim and > https://packages.debian.org/stretch/libsystemd0, their functions > appear to be identical except that the latter actually does talk to > systemd if systemd is present. systemd-shim provides a daemon that allows some parts of systemd to work even when systemd does not provide pid-1. For desktop systems that means systemd-logind will be able to run. (logind wants to start/stop some processes using an interface provided by systemd's pid-1 to manage cgroups; there is a fork (elogind) that just merged the cgroup management into the logind binary.) libsystemd0 is a shared library providing some functions to applications linking against the library. Some parts work without any daemons installed, some parts want to talk to some daemons provided by systemd services, depending on which functionality one uses. A daemon with a Dbus interface and a shared library are quite different things, especially when taking about why some package dependencies exist. Ansgar
Re: GPG key expiry questions?
Richard Hector writes: > On 14/03/18 15:50, likcoras wrote: >> You can change the expiry date of your own key, but for other people to >> be able to see it and avoid having your key show up as expired, you must >> publish the new (key? signature? not sure...) and others must fetch it >> before the expiry date hits. >> >> I think what happened is that you edited the expiration date of your key >> and published it, but the other person didn't get the updated version >> before their copy of your key expired. > > Ah, that sounds plausible. I think I actually edited it after it had > expired, so very likely, if that causes a problem. I have a newer one as > well (4096 instead of 2048 bit) - though apparently with no signatures > on it yet. Not sure if that will suffer the same problem? I can't > remember if that one also expired and was posthumously edited ... If it > hasn't actually been used much, will that mean nobody's got it 'cached'? Editing the key is no problem, the other side just has to update their copy from time to time. But this is necessary anyway: if they do not look for updates to the key, they will never know about key revocations either and continue to trust a revoked key. Just run `gpg --refresh-keys` from time to time. Ansgar
Re: Hash Sum mismatch in sid
matecs writes: > some corrupted index files hit the mirrors. > i've tried more, with the same results. > someone should take a look at it... [...] > E: Failed to fetch > store:/var/lib/apt/lists/partial/ftp.at.debian.org_debian_dists_sid_non-free_dep11_Components-amd64.yml.xz > Hash Sum mismatch >Hashes of expected file: > - Filesize:65721 [weak] > - > SHA256:0eb5ea70b4c46a7c0889e9601d16cedf3eb4ff55bf3b77ef2af2bcd3dcf48cec > - MD5Sum:68fdfbc3bc806010ba4c9fc8d4cb133b [weak] >Hashes of received file: > - > SHA256:5fa520cd26eac94e183632f84371643219fdf905dfd351b53bbcd7afa5c3b848 > - MD5Sum:875dd6824d698bfa73c6517307f692f5 [weak] > - Filesize:65721 [weak] >Last modification reported: Mon, 30 Oct 2017 21:09:03 + >Release file created at: Fri, 03 Nov 2017 02:41:19 + > E: Some index files failed to download. They have been ignored, or old > ones used instead. The program generating these files for appstream has crashed on some input and left inconsistent output files which were then synced into the archive. See also [1]. However only tools using this data should be affected (appstream, GNOME Software, no idea what else). apt should still get updated packages as usual as only the appstream metadata is affected, but not the Packages list or other indices. Ansgar [1] https://bugs.debian.org/880645
Re: Firefox Future and Config [WAS: Re: Password managers]
"Garreau, Alexandre" writes: > Wait, do you mean overriding password manager, and TreeStyleTabs will > certainly and definitely stop to work? TreeStyleTab is already ported to the new Web Extensions: https://addons.mozilla.org/en-US/firefox/addon/tree-style-tab/ It says "Compatible with Firefox 57+" right at the top besides the name. Ansgar
Re: Missing dedication file on mirrors (9.0.bn.txt)
Hi, Andre Rodier writes: > I am actually building custom CD images, with simple-cdd, but since > today, I am encountering errors that were not here Friday. > > Here the error: > > DEBUG downloading: > /tmp/seequestor/tmp/mirror/doc/dedication/dedication-9.0.bn.txt > > It seems this file is referenced, but I cannot find it in any Debian > mirror. I forgot to check the file permissions and it looks not all of them were world-readable. This should be fixed with the next mirror push in a few hours. Ansgar
Re: No ifconfig
Fungi4All <fungil...@protonmail.com> writes: >> Never. Debian developers are not your lackeys. > > Unless you are willing to pay more than n s a sys tem d red hat and they can > become "your" lackeys. Could you take your crazy conspiracy theories somewhere else? I'm also very tempted to suggest contacting a mental health professional if you truly believe what you write and are not just trolling. Ansgar
Re: Yes you have standing to sue GRSecurity.
<to...@tuxteam.de> writes: > On Sat, Jul 29, 2017 at 12:35:55PM +, ni...@redchan.it wrote: >> haven't assigned your copyrights away then YOU OWN YOUR >> CONTRIBUTIONS. > > Uh, oh. Redchannel. > > While what you write is true (everyone should know by now that every > contributor has a right to sue, Harald Welte's initiative wouldn't > have been possible otherwise), I have the strong suspicion that you > are here merely to stir the shit. > > Try to be constructive, instead of YELLING AROUND here. MikeeUSA is a well-known troll using different mail addresses all the time. Sometimes people fall for him (resulting for example in the earlier thread about GRsecurity here or a certain Debian derivative refers to MikeeUSA for why a certain init system is bad). Just don't feed him here :-) Ansgar
Re: Can "PulseAudio Volume Control" devs be redeemed?
Erik Christiansen writes: > Aha, if the "PulseAudio Volume Control" window is manually widened, the > suppressed tabs become visible. Is it then the Debian 9.0.0 distro-smiths > who have set too small a window size in their LXDE menu item invocation? It seems to remember what size it was last started with. So if a user decides to make it small and hide stuff, it will remember the user's wishes. Now, the problem is that users don't know what they want, act irrational, will never remember what they did earlier (how often does one hear "I did nothing, but everything broke"?) and blame everything on the software developer. Not to forget some even come up with conspiracy theories how Microsoft paid people to make the application window smaller ;-) Ansgar
Re: Replace systemd
David Griffith writes: > I'm aware of that technique. What I was talking about is a menu > option that pops up when the install is running that explicitly asks > the person installing which init to use. But there are far more urgent questions that don't get asked at install time either: 1. Which editor to use at the default editor. (Even worse: emacs isn't even included in the install by default!) 2. Which shell to use as the login shell. I still have to install my favorite shell (zsh) manually :-( 3. Which web browser to install. Not everyone prefers Firefox. 4. Which mail user agent to install. I can go on. All have to be chosen after install and I don't think there is a good reason the init system should be special: likely a larger number people cares more about the software they use all the time. So if anything, one should probably ask about that. Ansgar
Re: where to submit low security vulnerability in .profile?
Greg Wooledge writes: > On Mon, Jun 19, 2017 at 06:00:58PM +0200, Nicolas George wrote: >> Le primidi 1er messidor, an CCXXV, Henrique de Moraes Holschuh a écrit : >> > That said, no, it is not usually considered a security vulnerability, >> > because NOT using the full path to run commands such as "su" and "sudo" >> > in the first place IS considered gross negligence. >> >> If your account has been compromised so much that an attacker was able >> to add something in ~/bin/, then using the full path of the commands >> does not bring any extra security. > > Henrique, I believe, was describing an attack that works like this: > > 1) Login. > 2) PATH=~/bin:$PATH > 3) vi ~/bin/su (insert malicious code); chmod 755 ~/bin/su > 4) Call the system administrator, and get him/her to come to your desk. > 5) Get the sysadmin to run "su -c something" for you at your desk. >This runs your password-capturing program, which records the root >password somewhere you can retrieve it after the sysadmin leaves. Typing /bin/su instead doesn't help against this attack, for example zsh allows: $ alias /bin/su="echo Hallo" $ /bin/su Hallo Or one could just present something that looks and behaves like the normal shell except when /bin/su is called. Or use the DEBUG trap in bash. Or... In short, it is never safe to run `su` and enter a password from an untrusted account. And one should regard all accounts one uses `su` from as equivalent to root (for misuse; the password just helps against breaking some things by accident). Ansgar
Re: Libvirt in Stretch?
Albin Otterhäll writes: > It seems that the package `libvirt-bin` has been deprecated in Stretch > (it isn't available via the repositories). I can't find any > documentation regarding virtualization using KVM in Stretch. > > What's the replacement for `libvirt-bin`? The libvirt-bin package in Debian 8 has: +--- | Package: libvirt-bin | Version: 1.2.9-9+deb8u3 | [...] | Depends: libvirt-daemon-system (>= 1.2.9-9+deb8u3), libvirt-clients (>= 1.2.9-9+deb8u3) | [...] | Description: programs for the libvirt library | [...] | This is a transitional package. You can safely remove it. +--- So you are probably looking for libvirt-daemon-system and/or libvirt-clients. Ansgar
Re: Easiest Way to Mount an Image File
"Martin McCormick" writes: > sudo losetup /dev/loop0 /home/pgmaudio/2016-11-25-raspbian-jessie-lite.img [...] > sudo mount /dev/loop0 p2 /mnt > > The report is that it doesn't exist and ls /dev/loop0* only shows > the original loop0 loopback device. I looked through all of /dev > such as /dev/mapper and there seems to be nothing else pertaining > to loop0 so what am I missing? I'm not sure that `losetup` scans for partitions on the image by default; maybe try `losetup --partscan` or `partx -a /dev/loop0`. Ansgar
Re: Difference between LUKS drives with cryptsetup and Disks?
Ansgar Burchardt <"Ansgar Burchardt"@43-1.org> writes: > As you only want to manage a single partition, I would try to use the > 'filesystem-fstab' and 'encrypted-unlock-crypttab' actions which should > only apply to specific devices instead of the '*-system' actions: add > the 'x-udisks-auth' option to the /etc/fstab and /etc/crypttab entries > and allow using them by the active user without a password prompt: > > +--- > | [Allow active user to mount x-udisks-auth filesystems] > | > Action=org.freedesktop.udisks2.filesystem-fstab;org.freedesktop.udisks2.encrypted-unlock-crypttab > | ResultActive=yes > +---[ /etc/polkit-1/localauthority/50-local.d/x-udisks-auth.pkla ] > > See man:pklocalauthority(8) for documentation of the *.pkla files. Ah, and I just noticed that the "Identity=" is not optional. So that needs an additional Identity=unix-user:* (Or a username instead of "*".) Ansgar
Re: Difference between LUKS drives with cryptsetup and Disks?
Hi, Joerg Desch writes: > I've created a LUKS partition which I mount on demand. This partition was > created using cryptsetup. While mounting the partition, GNOME asks me > first for the passphrase and than for the "admin" password. > > A while ago, I've created a LUKS partition on an USB thumb drive using > GNOME Disks. In this case, mounting requires only the passphrase. And > that doesn't depend on the used computer! > > What is the difference? Can I change the behavior of my older LUKS > partition too? GNOME uses udisks2 to manage devices. udisks2 treats removable devices (can mount as regular user) and system devices (can only mount as admin) differently. One can find the actions udisks2 uses PolicyKit for in /usr/share/polkit-1/actions/org.freedesktop.udisks2.policy: the interesting ones probably are: org.freedesktop.udisks2.filesystem-mount org.freedesktop.udisks2.filesystem-mount-system org.freedesktop.udisks2.filesystem-fstab org.freedesktop.udisks2.encrypted-unlock org.freedesktop.udisks2.encrypted-unlock-system org.freedesktop.udisks2.encrypted-unlock-crypttab The default permissions allow the active user to use 'filesystem-mount' (that is mount removable devices) and 'encrypted-unlock' (unlock removable devices). The other actions are only allowed for administrators with a password prompt (`auth_admin` or `auth_admin_keep`). As you only want to manage a single partition, I would try to use the 'filesystem-fstab' and 'encrypted-unlock-crypttab' actions which should only apply to specific devices instead of the '*-system' actions: add the 'x-udisks-auth' option to the /etc/fstab and /etc/crypttab entries and allow using them by the active user without a password prompt: +--- | [Allow active user to mount x-udisks-auth filesystems] | Action=org.freedesktop.udisks2.filesystem-fstab;org.freedesktop.udisks2.encrypted-unlock-crypttab | ResultActive=yes +---[ /etc/polkit-1/localauthority/50-local.d/x-udisks-auth.pkla ] See man:pklocalauthority(8) for documentation of the *.pkla files. Note that I haven't used PolicyKit that much, so some details might not be quite correct. Ansgar
Re: polickit rules - what wrong
Brian writes:
> On Thu 20 Oct 2016 at 20:38:35 +0200, Ansgar Burchardt wrote:
>> Kamil Jońca writes:
>> > I try to make
>> > /etc/polkit-1/localauthority/50-local.d/49-nopasswd_limited.conf
>> > which contains:
>> > polkit.addRule(function(action, subject) {
>> [ Javascript ]
>> > });
>> > but no effect.
>> > What do I wrong?
>>
>> Which version of policykit-1 do you have installed?
>>
>> In Debian, only the version from experimental (0.113) supports the
>> newer, JavaScript-using rules. 0.105 from stable/testing/unstable does
>> *not* support them, but uses an older format (which also lacks some
>> features).
>
> What features does the .pkla format lack?
>From the original mail:
+---
|if (action.id == "org.freedesktop.systemd1.manage-units") {
| if (action.lookup("unit") == "openvpn.service") {
| var verb = action.lookup("verb");
| if (verb == "start" || verb == "stop" || verb ==
"restart") {
+---
The .pkla files only have Action=xyz (equivalent to action.id == "..."),
but additional variables can be provided (action.lookup(...)) that the
old system cannot use (as far as I know).
In particular here systemd also provides the unit and verb so one can
allow a user to only start and stop the "openvpn.service" unit. The old
system could only allow managing all units (and all unit-actions).
Ansgar
Re: polickit rules - what wrong
Hi,
Kamil Jońca writes:
> I try to make
> /etc/polkit-1/localauthority/50-local.d/49-nopasswd_limited.conf
> which contains:
> polkit.addRule(function(action, subject) {
[ Javascript ]
> });
> but no effect.
> What do I wrong?
Which version of policykit-1 do you have installed?
In Debian, only the version from experimental (0.113) supports the
newer, JavaScript-using rules. 0.105 from stable/testing/unstable does
*not* support them, but uses an older format (which also lacks some
features).
Ansgar
Re: invoke-rc.d & systemd
Henrique de Moraes Holschuh writes: > On Sun, 07 Aug 2016, Ansgar Burchardt wrote: >> That might behave different than expected when current state of the >> daemon and the boot configuration differ: for example the sequence above > > It shouldn't, unless invoke-rc.d is broken. It does as you say yourself: > The whole reason it exists > is exactly to account for boot state (i.e. enabled/disabled, as opposed > to started/stopped). But if you want to restart a running daemon, that action does *not* depend on the boot configuration at all: it should be restarted if running, but not started if it was not running before. invoke-rc.d doesn't help in this case. >> start at boot; or it will stop the daemon if it was manually started but >> is not configured to start automatically at boot. > > It has to stop it, yes. That's exactly the point, since it is meant to > be used during daemon upgrades. We *usually* don't want a daemon > running while its components and configuration are being updated under > its feet, unless it is a daemon engineered to tolerate it well (which is > actually easy to do on simple daemons, so it is actually the rule rather > than the exception). Well, the default for packages using debhelper has recently changed: +--- | v10 This compatibility level is open for beta testing; changes may | occur. | | Changes from v9 are: | [...] | - The dh_installinit command now defaults to --restart-after-upgrade. | For packages needing the previous behaviour, please use | --no-restart-after-upgrade. +---[ man:debhelper(5) ] So the default assumption for Debian is to expect this to work. Changing the configuration and only then restarting the service also matches what happens with most configuration changes besides packages upgrades in my experience (either manual changes or changes applied by a configuration management system). Ansgar
Re: invoke-rc.d & systemd
Andre Majorel writes: > I'm working on a program to make changes to a daemon's > configuration file. The man page helpfully warns against doing > that without immediately restarting it. > > Do you think the following would work on any Debian system, > regardless of its current run level and choice of init system ? > > 1. run invoke-rc.d daemon-package stop > 2. update config file > 3. run invoke-rc.d daemon-package start That might behave different than expected when current state of the daemon and the boot configuration differ: for example the sequence above will start the daemon if it was not running before but is configured to start at boot; or it will stop the daemon if it was manually started but is not configured to start automatically at boot. systemctl has a `try-restart` option that might be helpful in such cases, but this is optional for LSB init scripts (yay...). `reload` would also work if supported. Ansgar
Re: update-rc.d creates unexpected sequence numbers
Hi, CN writes: > On Sun, May 15, 2016, at 10:05 PM, Ansgar Burchardt wrote: >> That doesn't look correct: unless you defined a "$postgresql" system >> facility (in /etc/insserv.conf), you should require "postgresql" and >> not "$postgresql". >> > > Many thanks for the correction, which seems to have fixed my execution > problems. [...] > , command > update-rc.d my-program defaults 20 80 > gives the correct orders of my-program and postgresql like so: You can leave out the numbers at the end, that is just call update-rc.d my-program defaults The sequence numbers are automatically calculated from the dependencies by `insserv`. (Under both sysvinit and systemd.) For older releases the specified number was relevant, but even the documentation for `update-rc.d` in Wheezy documents the dependency-based system; for Jessie and later the manual sequence numbers is even no longer mentioned in the documentation (and always ignored anyway as far as I know). Ansgar
Re: update-rc.d creates unexpected sequence numbers
Hi, CN <cnli...@fastmail.fm> writes: > /etc/init.d/my-program is correctly prepared with LSB header comments > like this: > > #!/bin/sh > ### BEGIN INIT INFO > # Provides: my-program > # Required-Start: $postgresql > # Required-Stop:$postgresql > # Default-Start:2 3 4 5 > # Default-Stop: 0 1 6 > # Short-Description: My program. > # Description: My program. > ### END INIT INFO That doesn't look correct: unless you defined a "$postgresql" system facility (in /etc/insserv.conf), you should require "postgresql" and not "$postgresql". Ansgar
Re: on-demand mounting of filesystems via Systemd (e.g. /backup)
Hi Andrew, Andrew McGlashan <andrew.mcglas...@affinityvision.com.au> writes: > Sadly this software version of > cancer is planned to keep spreading. Could you please keep your cancer to lists where people are not expected to follow a minimal code of conduct[1]? I'm sure that you will find the Devuan mailing list to be a welcoming place for people like MikeeUSA or yourself. (After all they referred to the thread with [2] in their interview with Distrowatch[3]; note that message is dated from before the interview.) Ansgar, getting bored of dealing with trolls [1] <https://www.debian.org/code_of_conduct> [2] <http://web.archive.org/web/20141025195928/http://www.debianuserforums.org/viewtopic.php?f=63=3031=f2bafc536f913d6b2300f0d15152=100#p29367> [3] <http://distrowatch.com/weekly.php?issue=20141027#qa>, just search for "sgryphon"
Re: on-demand mounting of filesystems via Systemd (e.g. /backup)
Hi, Jonathan Dowland writes: > I just wrote a blog post about how to use Systemd to configure mount-on-demand > filesystems, e.g. /backup (in my case). This was triggered by recent news in > the UK that a major hosting provider had deleted all their customer VMs by > accident by issuing something like "rm -rf" - but they *also* got all their > backups because their backup volume was mounted too. > > Anyway, in the past I've read some useful tips for using Systemd on this > list, so here's the blog post should it be of any interest: > > https://jmtd.net/log/mount_on_demand_backups/ I think using mount namespaces is a bit nicer solution for the problem: the /backup mount will only be visible for the backup process and, as far as I understand, be automatically unmounted when all processes in the namespace exit, i.e. when the backup is done. Here is a quick example in an interactive shell: +--- | # umount /boot; ls /boot | [empty] | # unshare -m | [Note: This will start a subshell] | # mount /boot; ls /boot | System.map-4.3.0-1-amd64 [...] | [Run backup here ;)] | [Note: /boot will appear empty for other processes at this point.] | # exit | # ls /boot | [empty] +--- I used /boot instead of /backup as that exists on my computer. Note that /boot is only visible from the subshell started by unshare or other processes that entered the namespace (e.g. with nsenter(1)). A stray `rm -rf /` can thus not see it even when run at the time of the backup. I'm not sure you can achieve this via systemd's .mount units, although systemd itself also makes use of mount namespaces. For example, systemd uses them to provide a per-service /tmp, make /home unaccessible or only allowing read-only access to /usr or /etc for individual service. See the PrivateTmp=, ProtectHome=, ProtectSystem=, PrivateDevices=, ReadOnlyDirectories=, InaccessibleDirectories= and ReadWriteDirectories= in man:systemd.exec(5). Ansgar
Re: Can't connect to outside world using openbox
Hi, Francis Gerund <ranr...@gmail.com> writes: > The problem may be with dhcp, since xfce has no problem getting to the > outside world, but openbox refuses to go any further than localhost. > > So, does dhcp functionality need to be installed and/or set up > separately for openbox? > > And if so, how? What do you use to manage your network connection? ifupdown should work regardless of the graphical interface, but NetworkManager can have either "user" or "system" connections[1]. The system connections are always available, but I'm not sure when user connections are brought up: they might require some support from the desktop environment or manual configuration. If you use NetworkManager, I suggest to make sure the connection is a "system" connection. You can do so using "nm-connection-editor" (from network-manager-gnome) or possibly other ways. In nm-connection-editor, the setting should be "All users may connect to this network" in the "General" tab. You might also want to check "Automatically connect to this network when it is available" if it is not already checked. Ansgar [1] <https://wiki.gnome.org/Projects/NetworkManager/Users#How_do_I_change_my_network_connections.3F>
Re: Debian stretch hiberante hooks
Hi, kjo...@poczta.onet.pl (Kamil Jońca) writes: > There is laptop with "stretch/sid" on it. > I want umount all remote filesysems before suspending/hibernating it. > When google I found only solutions referring to pm-utils and > /etc/pm/sleep.d sripts. But this does not work for me. It looks like > pm-hibernate is not even calling. > So my question is: how can I put script to run before hibernate? Or what > should I read? When using systemd instead of pm-utils, one can hook into the "sleep.target" (or only "suspend.target" or "hibernate.target"). There is also the /lib/systemd/system-sleep directory, but its documentation[1] says its use should be considered a hack. There are some examples how to do so on [2]. Ansgar [1] <man:systemd-sleep(8)> [2] <https://wiki.archlinux.org/index.php/Power_management#Sleep_hooks>
Re: [SOLVED] Re: Debian stretch hiberante hooks
Hi, kjo...@poczta.onet.pl (Kamil Jońca) writes: > I put file /etc/systemd/system/remote-umount.service > which contains: > [Unit] > Description=Umount remote cifs/sshfs filesystems > Before=suspend.target > Before=hibernate.target > Before=hybrid-sleep.target Just using "sleep.target" instead of the three individual ones should also work and do the same. Ansgar
Re: "systemd --user" not starting upon login
Pavel Volkov <sai...@lists.xtsubasa.org> writes: > "systemd --user" instance is not autostarted here on Jessie when > logging remotely via SSH. Does the user manager get started when logging in locally? If not, make sure dbus and libpam-systemd are installed. If only ssh is the problem, make sure the PAM configuration for ssh includes the pam_systemd module. Usually /etc/pam.d/sshd should just include "common-session" which should have pam_systemd. Also make sure PAM is not disabled in sshd_config (I think this also disables starting PAM sessions). Ansgar
Re: Trying to remove "architecture i386"
Sharon Kimble <boudic...@skimble.plus.com> writes: > ╭ > │sudo dpkg --remove-architecture i386 > ╰ > > which failed saying - > > dpkg: error: cannot remove architecture 'i386' currently in use by the > database > > How then can I remove 'i386' please, or should I just cut my losses and > reinstall? Do you still have any i386 packages installed? I think running dpkg -l "*:i386" should list them (I don't use multiarch myself, but it works for the native architecture and "*:all"). Ansgar
Re: Upgrade to Jessie lost all monitor resolutions except 1024x768
Marc Shapiro <marcns...@gmail.com> writes: > I decided, since this was just a test, to install systemd-sysv (which > should remove sysvinit-core) so that I could see if booting with > systemd would make a difference. But... > > I can't install systemd-sysv. I get the following: [...] > which suggests that it exists, but nothing is installable. Now, I > would be happier to get this working without systemd, but shouldn't > systemd be installable? Did you maybe pin systemd-sysv to make sure it didn't get installed? Check /etc/apt/preferences & /etc/apt/preferences.d or the output of "apt-cache policy systemd-sysv". If you try systemd, you might want to make sure that "sysvinit" is installed. This should provide an entry in grub's boot menu to start with sysvinit in case anything goes wrong; with other bootloaders one can pass init=/lib/sysvinit/init to do so. Though it would surprise me a bit if this affects X in Jessie. Ansgar
Re: Can't startx as normal user
"Draco Metallium(Rodrigo S. Cañibano)" <draco@gmail.com> writes: > No only root can run startx. If a user tries the following error appears: > > "(EE) AddScreen/ScreenInit failed for driver 0" The first error in the log you attached is: > [ 4203.010] (EE) systemd-logind: failed to get session: Rejected send > message, 1 matched rules; type="method_call", sender=":1.34" (uid=1000 > pid=18022 comm="/usr/lib/xorg/Xorg -nolisten tcp :1 vt2 -keeptty -") > interface="org.freedesktop.login1.Manager" member="GetSessionByPID" error > name="(unset)" requested_reply="0" destination="org.freedesktop.login1" > (uid=0 pid=5989 comm="/lib/systemd/systemd-logind ") which looks like some DBus policy forbids Xorg to talk to logind. Xorg does so in order to get access to devices w/o being setuid root since recently. I remember users having problems with DBus policies when old version of systemd-shim were installed (it has been fixed some time ago), cf. https://bugs.debian.org/746242 Please make sure that either systemd-shim is purged (not only removed), e.g. by running "apt-get purge systemd-shim", or that at least version 6-3 of systemd-shim is installed (if you don't use systemd as init). Ansgar
Re: SATA HD hotplug "Authentication is required"
Renaud (Ron) OLGIATI <ren...@olgiati-in-paraguay.org> writes: >> > I have just added an eSATA outlet on my box; when I plug in a SATA >> > disk, it is visible in gparted, its label is displayed in the Places >> > column of PCManfm, but when I click on it I get an error >> > "Authentication is required". [...] > Thanks; I should have asked: > > How do I get it to automount (without asking for authentification) ? I think udisks treats drives attached via eSATA as "system" devices for which the default policykit rules only allow mounting with authentication. These should show up as "HintSystem: true" in the output of "udisksctl dump". You could try marking them as UDISKS_SYSTEM=0 in a udev rule. See [1] for how to do so. Ansgar [1] <https://wiki.archlinux.org/index.php/Udev#Mark_internal_SATA_ports_as_eSATA>
Re: Starting systemd user services on boot on a Debian server
Fredrik Jonson <fred...@jonson.org> writes: > Ansgar Burchardt wrote: >> Fredrik Jonson <fred...@jonson.org> writes: >> > What is the recommended way to set up Systemd user services with Debian? >> Just run 'loginctl enable-linger [USER]' as root. > > Initially that didn't work... > > root@host# loginctl enable-linger foouser > Failed to create bus connection: No such file or directory > > A quick google seems to indicate[0][1] that it is related to dbus somehow. > I checked, and the server didn't have dbus installed on the machine, so I > installed it (apt-get install dbus) and reran the command: Hmm, right. logind needs dbus to work. > root@host# loginctl enable-linger foouser > > This time the command ran without any apparent objections from the system. > > Next, I create my unit in $HOME/.config/systemd/user/foo.service but > systemctl fails to enable it: > > foouser@host$ systemctl --user enable foo.service > Failed to get D-Bus connection: Connection refused > > Now what? > > I notice that there isn't a systemd or dbus instance running under the user. > Should there be, and if, what's responsible for starting it? > > Additionally, when I try to start a user instance manually, it fails: > > foouser@host$ systemd --user > Trying to run as user instance, but $XDG_RUNTIME_DIR is not set. The documentation for "loginctl enable-linger" says "If enabled for a specific user, a user manager is spawned for the user at boot and kept around after logouts." I guess you didn't restart the system? A user manager should in either case also be started when logging in. This is handled by logind + libpam-systemd. I assume you might not have the latter installed? (Note that using "su" to switch from root to foouser does not count as a login.) I don't think you can just start "systemd --user" as it wants to manage cgroups for services it spawns. "/lib/systemd/system/user@.service" has Delegate=yes to allow it to do so. libpam-systemd is also responsible for setting the XDG_RUNTIME_DIR variable. libpam-systemd is currently at Priority: optional. I'm wondering if it should be raised to Priority: standard... Ansgar
Re: systemd alternative for Jessie?
Hi, tom arnall <kloro2...@gmail.com> writes: > i read the piece on installing without systemd. i get the feeling > that the bottom line of it is: good luck. or am i missing something? > On 10/13/15, Joel Rees <joel.r...@gmail.com> wrote: >> I tend to be wandering around way out in left field a lot, but >> >> https://wiki.debian.org/systemd#Installing_without_systemd The linked note explains how to do the *initial* installation without systemd which seems a bit complicated. If you want to use some other init implementation, I would recommend doing a regular install and then replacing systemd-sysv as described on [1]. [1] <https://wiki.debian.org/FAQsFromDebianUser#systemd> > who decided that Debian shd be locked to systemd? It's not. > what did they do to poll the views of the user community on the question? If you want to know how Debian's technical committee came to choose systemd as the default init, see [2]. [2] <https://bugs.debian.org/727708> > is it true that Red Hat had a major influence on the Debian decision makers? No. As far as I know that conspiracy theory is about as true as the other one about the moon landings being fake. ;) > from what i've read so far, systemd is still very much in beta at > best. wd people on this list agree with that? No. Ansgar
Re: Starting systemd user services on boot on a Debian server
Fredrik Jonson <fred...@jonson.org> writes: > What is the recommended way to set up Systemd user services with Debian? [...] > AFAIU, to make this happen, I need to have a user Systemd instance started on > boot. How do I set up my Debian server to automatically start a user instance > for a regular user on boot to control the user's service units? Is there a > recommended way to do it? Just run loginctl enable-linger [USER...] as root. This will make logind start the systemd user instance for the given user(s). Ansgar
Re: Advertising and commercial services in free software
Hi, Lisi Reisz <lisi.re...@gmail.com> writes: > On Monday 05 October 2015 19:58:19 Timothy Hobbs wrote: >> Lately, I feel that this trust has been violated. Most notably, by the >> addition of advertisements to iceweasel's new tab page. >> http://timothy.hobbs.cz/iceweasel-ads.png See the "Booking.com" >> sponsored link. > > I don't see that. Do other people? > > I see only suggestions of sites I have visited - and I can even turn them off. > I leave them on because I find them quite useful. I think they are only shown in a new install (or new user profile) and replaced with sites you have visited in the past over time. It might also depend on the locale. +--- | If you are using Firefox for the first time, the New Tab page will | display useful and interesting content, including sites we consider | important to the Mozilla mission, and sponsored sites from commercial | partners. They are eventually replaced by sites from your history as | you continue to use Firefox. +---[ https://support.mozilla.org/en-US/kb/about-tiles-new-tab ] One can disable them by clicking on the cog wheel in the upper right corner of the new tab page and choosing "Classic" or "Blank", but the default indeed shows a "Booking.com" ad in a new profile for me right now. Ansgar
Re: repo keys fail
Gene Heskett <ghesk...@shentel.net> writes: > sudo apt-get update > ends with this: > W: Failed to fetch http://http.debian.org/debian/dists/wheezy/Release.gpg > Could not resolve 'http.debian.org' The mirror redirector was at "http.debian.net", but moved to "httpredir.debian.org". "http.debian.org" was never used. Update the sources.list entry and try again. Ansgar
Re: Compiling coreutils from source
Hi, Florian Pelgrim writes: > I would also be interested what this message means and if it can be > ignored or anything should be done: >> /home/vagrant/coreutils-8.23/src/whoami.c:85: warning: Using >> 'getpwuid' in statically linked applications requires at runtime the >> shared libraries from the glibc version used for linking `getpwuid' uses shared objects to implement modules for user information lookup (/etc/passwd) and the like; this is configured in /etc/nsswitch.conf. As far as I know, the interface between glibc and these modules is not stable. I don't know how often it changes though. If you link statically, you have to have the correct versions of these shared objects around: they cannot be linked in as it is only decided at runtime which ones to load. If they aren't available, I would expect failures in programs relying on name lookup: for example whoami cannot get the username associated with the uid if `getpwuid' fails. Ansgar
Re: debian 8 on a raspex raspberry pi2
Hi, Joe Zien joz...@comcast.net writes: I installed raspex on a raspberry pi2 which is using debian 8. Only one problem, can't get sound working. Installed alsaplayer and kmix but can't config to play a sound file. With RaspEX you mean http://raspex.exton.se/? That seems to be a mixture of (at least) Debian, Ubuntu and Linaro packages; I don't think a Debian mailing list can help very well with problems specific to something not Debian. Please try asking the RaspEX community. Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87pp3j9t3d@deep-thought.43-1.org
Re: Install a package marked `debports'
Rodolfo Medina rodolfo.med...@gmail.com writes: I wanted to install the kazehakase Debian package, but aptitude won't, in fact this is my sources.list: The package was removed from Debian, see [1]. The debports entry on [2] refers to an (outdated) version of the package for the m64k architecture on Debian Ports[3] which provides hosting for architectures not on the main mirror network. Ansgar [1] https://packages.qa.debian.org/k/kazehakase/news/20120125T125210Z.html [2] https://packages.debian.org/kazehakase [3] https://www.ports.debian.org -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87k2ulnjkl@deep-thought.43-1.org
Re: Systemd files on a Raspberry Pi
Dan Ritter d...@randomstring.org writes: People only complain about systemd being a cancer if they love the Debian system otherwise. [...] Remember that every time you tell people to go use something else, you are saying that they are not valued members of the community. I do indeed not consider people with toxic behaviour as valued members of the community. Loving something is *not* an excuse for such behaviour. Short outbursts of temper I can understand, and I assume so can most others, but continued abuse over a long time is not something I think we should put up with. It's just damaging and drives other users and people who contribute away (and this has happened already over this specific behaviour). Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87ioafy0dz@deep-thought.43-1.org
Re: Systemd files on a Raspberry Pi
Andrew McGlashan andrew.mcglas...@affinityvision.com.au writes: If it quacks like a duck, it's a duck, plain and simple. I absolutely agree with the post that systemd is a cancer And I think Debian can do fine without people who only contribute toxic behaviour. And yes, calling other projects a cancer is just that. Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/871th397kc@deep-thought.43-1.org
Re: Systemd files on a Raspberry Pi
chris tknch...@gmail.com writes: systemd is a cancer that you should completely eradicate especially on a system like that Please follow Debian's Code of Conduct[1] (or just basic manners) on Debian's mailing lists. Calling free software projects a cancer is not appropriate whether you like them or not. Ansgar [1] https://www.debian.org/code_of_conduct -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87d20oonrr@deep-thought.43-1.org
Re: systemd equivalent
Bob Bernstein b...@fanatick.org writes: My initial question was _meant_ to be, simply: can this (ps ax|grep ssh) be done, or approximated to, using sysctl? No, systemd is not supposed to replace standard system utilities. (Also sysctl is a completely unrelated tool to configure kernel parameters; the systemd utility is systemctl.) However if you configure your ssh tunnel as a service that systemd manages, then you can query systemd about its state via systemctl or directly via systemd's DBus interface: Is the service running? systemctl is-active my-tunnel What is the services main process' PID? systemctl -pMainPID show my-tunnel Note that there is also a per-user instance of systemd to allow regular users to use systemd to manage their own services if they choose to do so. Not everything has to be a system service. Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87twuawrdh@deep-thought.43-1.org
Re: jessie: `evince`, `atril`, `okular` unable to open PDFs; libtiff.so.4: cannot open shared object file: No such file or directory
On 05/20/2015 02:47 PM, Alexis wrote: Sven Arvidsson s...@whiz.se writes: Do you have old versions of libraries lying around? Maybe things you compiled and installed yourself? i do[1]; but how can i find out which library is the one calling libtiff4? E.g. do i need to make use of something like strace(1), or to methodically work through the output of ldd(1)? Usually the problematic (locally-installed) libraries should be in /usr/local. So you could try looking at the output of ldd for libraries located there. Or just look in /usr/local/lib. Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/555c8949.9080...@debian.org
Re: Iceape
Hi, On 03/11/2015 04:14 PM, Thomas H. George wrote: Is iceape gone in Jessie? It got removed from everywhere some time ago due to no longer being security-supported. See the last four news entries on https://packages.qa.debian.org/i/iceape.html. I am still using it regularly in Wheezy and it still shows up in apt-cache search iceape when run from Wheezy but is missing when I run the search from Jessie. It proabably still shows up due to being installed. Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55006a95.4000...@debian.org
Re: sendmail on debian testing
Hi, Michael Grant mgr...@grant.org writes: On Tue, Feb 3, 2015 at 4:04 PM, Reco recovery...@gmail.com wrote: A nessesary correction - /etc/init.d/sendmail *tries* to run '/bin/systemctl start sendmail.service'. But, since no sendmail* package provide systemd's service file - nothing happens. Not true. Systemd is supposed to handle sysvinit scripts as well, i.e. when there is no native .service file for systemd it will run the scripts in /etc/init.d/*. This seems to not work here for some reason. Try adding export _SYSTEMCTL_SKIP_REDIRECT=true to /etc/init.d/sendmail Thanks, this is progress, I can now start sendmail by hand by running '/etc/init.d/sendmail start', but it's not starting automatically at boot time. I don't know if this has anything to do with that: # systemctl enable sendmail Synchronizing state for sendmail.service with sysvinit using update-rc.d... Executing /usr/sbin/update-rc.d sendmail defaults Executing /usr/sbin/update-rc.d sendmail enable # systemctl is-enabled sendmail Failed to get unit file state for sendmail.service: No such file or directory That should be fine for services without a systemd .service file. also, a better place to add this: export _SYSTEMCTL_SKIP_REDIRECT=true to is /etc/default/sendmail and not modify /etc/init.d/sendmail. Adding this to /etc/default/sendmail seems to work equally as well in that running '/etc/init.d/sendmail start' does manually start sendmail. That is no surprise: at boot it's still systemd calling /etc/init.d/sendmail so workarounds to bypass systemd don't work. Could you try restarting sendmail (systemctl restart sendmail) and show the output of `systemctl status sendmail'? It also shows the most recent log entries, but the output of journalctl --unit sendmail --since -5min might also be useful (if it shows more messages). I tried installing sendmail on a minimal test installation and systemd started at least one daemon (sendmail: MTA: accepting connections), so at least something gets started (though it complained about the test installation not having a FQDN so other parts might be broken and not have started). Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87egq6kg1b@deep-thought.43-1.org
Re: sendmail on debian testing
Hi, Michael Grant mgr...@grant.org writes: On Tue, Feb 3, 2015 at 6:26 PM, Ansgar Burchardt ans...@debian.org wrote: Could you try restarting sendmail (systemctl restart sendmail) and show the output of `systemctl status sendmail'? It also shows the most recent log entries, but the output of journalctl --unit sendmail --since -5min might also be useful (if it shows more messages). So, this is interesting. 'systemctl restart sendmail' with no other changes to the system does start sendmail manually. However, 'systemctl start sendmail' does not, at least, not without Reco's line in /etc/default/sendmail. Okay, this is a limitation in systemd's compatability layer for init scripts: systemd keeps track of the current state of services. Some services (daemons) can only be active when the daemon process is around, but there are also services that only run some commands and then exit, i.e. a service setting up the keyboard layout. For native systemd services there is an option RemainAfterExit= which can be used to specify this (see man:systemd.service(5)). For init scripts systemd cannot know this and defaults to RemainAfterExit=true. So systemd considers the sendmail service running as RemainAfterExit is set for init scripts and /etc/init.d/sendmail start did *not* return an error, even though it failed to actually start the daemon (see below). systemctl start is thus not doing anything as systemd will not start the same service twice. systemctl restart will mark the service stopped first and then start it again; this is not a noop for services already running. When I run systemctl status sendmail just after rebooting, this is what it looks like: # systemctl status sendmail ● sendmail.service - LSB: powerful, efficient, and scalable Mail Transport Agent Loaded: loaded (/etc/init.d/sendmail) Active: active (exited) since Tue 2015-02-03 18:23:25 EST; 1min 27s ago Process: 2604 ExecStart=/etc/init.d/sendmail start (code=exited, status=0/SUCCESS) This is a bug in the init script: it should not return success if there was an error starting the service (though it cannot always find out if there was an error easily). Feb 03 18:23:24 bottom.networkguild.org sendmail[2604]: Starting Mail Transpo... Feb 03 18:23:24 bottom.networkguild.org sm-mta[2822]: NOQUEUE: SYSERR(root): ... This looks like an error, but the interesting part is cut off. You might want to run systemctl status -l sendmail as suggested below, or journalctl -b --unit sendmail to show all log messages for the sendmail service since the last reboot (or check /var/log if a syslog daemon is running). Feb 03 18:23:25 bottom.networkguild.org sendmail[2604]: . Feb 03 18:23:25 bottom.networkguild.org systemd[1]: Started LSB: powerful, ef... Hint: Some lines were ellipsized, use -l to show in full. I suspect that sendmail misses some dependency information in its init script, that is it expects some other parts of the system to be already brought up when it starts. As systemd starts more parts in parallel, it's more likely to uncover such issues than booting with sysvinit. Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87y4oefqlh@deep-thought.43-1.org
Re: One more try to post
Hi, On 01/13/2015 11:37 AM, Gene Heskett wrote: Recent debian wheezy install here. Where in the configs, can I get rid of the F10 key stealing by the terminal emulator so it can revert to being the mc exit key? If you use GNOME, there should be a Enable the menu accelerator key (F10 by default) option in the Terminal's preferences (under the General tab). I checked in Debian Jessie, but don't remember it moving around. So hopefully it's in the same place on Wheezy. Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54b4f760.4050...@debian.org
Re: Joey Hess is out?
On 11/17/2014 03:54 PM, The Wanderer wrote: On 11/17/2014 at 08:21 AM, Martin Read wrote: A default Debian jessie configuration has persistent text logs in /var/log written by rsyslog, and *volatile* binary logs in /run/log/journal written by systemd-journald. Removing the binary logs completely disables functionality of the systemd suite which an administrator familiar with systemd would expect to be present by default. This is news to me, and mildly disturbing. I recall having previously seen it stated, repeatedly, that Debian by default does not store binary logs at all even when running under systemd - that they exist only in memory, and that the actual log data is stored only in text-log-file format via forwarding to rsyslog. That's exactly what the word volatile means: /run is a in-memory filesystem, thus all files there only exist in memory. For the default configuration in Debian this means that all log messages are stored persistently in /var/log by rsyslog, and some recent log messages are *also* kept in a volatile in-memory file by journald. Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546a0e65.5070...@debian.org
Re: apt-get update GPG error: Internal error: Good signature, but could not determine key fingerprint?!
Hi, On 11/17/2014 05:26 PM, i...@thargoid.co.uk wrote: I am seeing a rather strange error. I have a wheezy VM which I am trying to update, but I get the above error on the main source and also on security source: W: GPG error: http://security.debian.org wheezy/updates Release: Internal error: Good signature, but could not determine key fingerprint?! W: GPG error: http://mirror.ox.ac.uk wheezy Release: Internal error: Good signature, but could not determine key fingerprint?! What does apt-get -o Debug::Acquire::gpgv=1 update say? Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546a2a1b.8050...@debian.org
Re: If Not Systemd, then What?
Hi, Nuno Magalhães nunomagalh...@eu.ipp.pt writes: On 2014-11-16 11:40, Klistvud wrote: 1. Reviving the existing init systems. Modernizing them, making them into true, interchangeable drop-in replacements of each other, which do the task assigned, and do it well. Each of them accomplishing at least the common subset of tasks an init system is supposed to provide. 2. Complementing them with existing or new tools (again, drop-in interchangeable replacements of each other) which build on them and provide the next layer. For example, the kernel autofs facility provides very nice automounting and could be deployed to the majority of desktop installs (instead of being just an optional package, as it is now), thus making the various automount daemons of the various desktop environments/file managers virtually superfluous. As a further example, the former udev (prior to being merged into systemd) has already been forked and could/will serve us well for years to come. And so on. +1 for being reasonable and making sense It's an approach that would keep a lot of people happy and, more importantly (at least to me), it gives the user choice instead of taking it away. At least this way each user could choose the loosely-coupled components s/he wanted. Nobody is stopping anybody from improving sysvinit if they want to. So, have fun hacking on it. ;) Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/8761efp6ka@deep-thought.43-1.org
Re: If Not Systemd, then What?
Hi, Jerry Stuckle stuckleje...@gmail.com writes: The problem here is lack of time and/or skills. I would love to help, but I already have my plate full. Additionally, I've done device drivers and applications, but never dealt with init systems. There would be a big learning curve. And then there is the politics of being accepted by the DD community. Maybe some people don't think it's too bad - but I get enough politics in real life that I don't want to deal with it in a volunteer position. If you do not have time/skill/motivation to deal with it yourself, there is also the option of hiring someone to do the work for you. See [1] for a list of people offering services for Debian to start with. [1] https://www.debian.org/consultants/ So why, instead of spending all this time on a new init system didn't developers already familiar with sysvinit work on it? Systemd wasn't one person alone. Presumably nobody was interested enough to do so. 1. Reviving the existing init systems. Modernizing them, making them into true, interchangeable drop-in replacements of each other, which do the task assigned, and do it well. Each of them accomplishing at least the common subset of tasks an init system is supposed to provide. That would be great, but it's not going to happen. The TC has already indicated systemd is going to be the default, and packages are already beginning to require systemd. I predict more and more packages will require systemd as time goes on. It's not going to happen, because... This would also be great. However, who's going to spend the time building these replacements? Maintaining/upgrading sysvinit is minor compared to this job, and even that couldn't be done. ... nobody wants to work on it (at least not for free). Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87zjbrkvtm@deep-thought.43-1.org
Re: ssh_keygen : command not found
Hi, Ron Leach ronle...@tesco.net writes: I hesitate to trouble the list with this but, when trying to generate a key pair on a (lenny) system recently upgraded to wheezy, 7.7, I am seeing this: ron@d7server:~$ ssh-keygen -bash: ssh_keygen : command not found Hmm, bash complaining about ssh_keygen (with an underscore) when you want to start ssh-keygen (with a dash) sounds strange. What do which ssh-keygen type ssh-keygen say? Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87egt3hy7c@deep-thought.43-1.org
Re: If Not Systemd, then What?
Hi, Jerry Stuckle stuckleje...@gmail.com writes: On 11/16/2014 10:29 AM, Ansgar Burchardt wrote: Jerry Stuckle stuckleje...@gmail.com writes: So why, instead of spending all this time on a new init system didn't developers already familiar with sysvinit work on it? Systemd wasn't one person alone. Presumably nobody was interested enough to do so. Maybe someone SHOULD have had enough interest. Which doesn't change the fact that nobody was... I can write long lists of what SHOULD be done in my opinion, but that won't make any of it happen. 1. Reviving the existing init systems. Modernizing them, making them into true, interchangeable drop-in replacements of each other, which do the task assigned, and do it well. Each of them accomplishing at least the common subset of tasks an init system is supposed to provide. [...] It's not going to happen, because... ... nobody wants to work on it (at least not for free). So why don't YOU work on it? Oh, that's easy to answer. There is no motivation for me to do so: I don't care about support for sysvinit. I care even less thanks to the behavior of some people who write angry mails (no, really: why should I waste my free time to do something for them?). Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87zjbq7laq@deep-thought.43-1.org
Re: piece of mind (Re: Moderated posts?)
Steve Litt sl...@troubleshooters.com writes: OK, I'll be the first to admit that after Red Hat caused the demise of ConsoleKit (and probably lots more important software), I am free to take significant time out of my day job (that feeds my family) and rescue all sorts of software that Red Hat deliberately scuttled. Even though, apparently unlike 80% of today's kernel developers, nobody pays me to do it. You are free to do so in your free time. It would be a more constructive use than trying to annoy other people (who spend their free time on Linux) until they do so for you for free. Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87mw8wfst4@deep-thought.43-1.org
Re: piece of mind (Re: Moderated posts?)
Steve Litt sl...@troubleshooters.com writes: Ansgar Burchardt ans...@debian.org wrote: Steve Litt sl...@troubleshooters.com writes: OK, I'll be the first to admit that after Red Hat caused the demise of ConsoleKit (and probably lots more important software), I am free to take significant time out of my day job (that feeds my family) and rescue all sorts of software that Red Hat deliberately scuttled. Even though, apparently unlike 80% of today's kernel developers, nobody pays me to do it. You are free to do so in your free time. It would be a more constructive use than trying to annoy other people (who spend their free time on Linux) until they do so for you for free. So, reading between the lines, you find my saying don't break Linux annoying. No, what I find annoying is telling volunteer what they have to do without doing anything yourself on the issues you raise and repeating don't break Linux endlessly. I think everybody knows by now you believe that, there's no (constructive) use in further repeating it. As a comparison: I don't go to the PHP mailing lists and tell them that they have to fix their namespace operator (\) or rewrite software I might want to use in a sane[1] language. I think the current systemd threads here are pretty much that. In fact, I've become annoyed enough by these threads that I won't bother to look at sysvinit support in my packages any longer -- if it breaks I won't look at it myself. I won't spend my free time on fixing things for people who annoy me. Ansgar [1] According to my view of the world ;) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87h9z4a3oi@deep-thought.43-1.org
Re: piece of mind (Re: Moderated posts?)
On 10/16/2014 14:07, Miles Fidelman wrote: Ansgar Burchardt wrote: No, what I find annoying is telling volunteer what they have to do without doing anything yourself on the issues you raise and repeating don't break Linux endlessly. I think everybody knows by now you believe that, there's no (constructive) use in further repeating it. So, by your logic, if a horde of volunteers blow into town after a crisis - then proceed to muck things up, all in the name of helping - nobody has a right to complain? No, I'm complaining exactly about that: there's a nice town and some guests have decided to rampage through town because they don't like what the people building the town do. The guests also use megaphones during the night hours when people would like to sleep to point out how wrong the people building the town are. Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543fba93.8090...@debian.org
Re: piece of mind (Re: Moderated posts?)
Hi Miles, On 10/14/2014 16:54, Miles Fidelman wrote: Actually, udev is the ONLY thing I've had issues with in over a decade of production use. Changed out a nic card, and everything changed - because udev decided to assign the new interface to some other port (or some such - it's been a while). A completely unexpected behavior, hard to track down, poorly documented. Given that the players are the same, and the scope is much larger, this gives me lots of reservations about systemd. In a quest to ensure your personal happiness the systemd maintainers took your problem and changed udev to assign predictable names to network interfaces. See [1], note that Stable interface names even when hardware is added or removed, i.e. no re-enumeration takes place is listed as a feature. Ansgar [1] http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543d3c8e.3060...@43-1.org
Re: implicit linkage
Hi, On 10/13/2014 12:14, Joel Rees wrote: Get pid 1 down to 100 lines of C, no loops, no functions called, then I'll be impressed. [...] Setting aside initialization code, pid 1 should target less than 1000 lines of C in the main loop. (If we were to use dash or other streamlined shells, we might set a target of 100 lines of code.) Loops and subroutines should be carefully metered for maximum execution paths, and proven to be deterministic, with a maximum execution path of less than 500 lines of C. What's the point of this exercise? Linux's process scheduler alone has significant more lines. And there runtime complexity actually matters... I'm just counting lines in kernel/sched/*.[ch], I'm too lazy to filter out comments. As an example: $ wc kernel/sched/fair.c 7867 26757 207986 kernel/sched/fair.c Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543baaab.7050...@43-1.org
Re: piece of mind (Re: Moderated posts?)
Hi, [ Please followup on -user@, there is no need to have this on two lists. ] Miles Fidelman mfidel...@meetinghouse.net writes: Henrique de Moraes Holschuh wrote: http://popcon.debian.org/ which sure seems to reinforce the popularity of sysvinit 18sysvinit 697126 583755 44903 63528 4940 Not really: sysvinit is the (only) supported init system in (old)stable which is also included in the result. But in Jessie the init part is provided by the new sysvinit-core package. So we can compare the installation numbers of systemd-sysv and sysvinit-core to see what people have installed in Jessie. As [1] shows the majority of Jessie users have migrated to systemd, probably as an effect of GNOME starting to depend on it (around May 2014) and the new init package (around June 2014). Ansgar [1] https://qa.debian.org/popcon-graph.php?packages=systemd-sysv+upstart+openrc+systemd-shim+sysvinit-coreshow_installed=onwant_legend=onwant_ticks=onfrom_date=2014-01-01to_date=hlght_date=date_fmt=%25Y-%25mbeenhere=1 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87y4sjon24@deep-thought.43-1.org
Re: Way OT: Re. lines of code [was Re: implicit linkage]
Joel Rees joel.r...@gmail.com writes: If pid 1 gets stalled, lots of things all over the system get to wait for something important that can't happen until pid 1 gets un-stalled, and that's true even with quad core. It may not freeze every process, but it can cause dropped packets and such things. Potentially, you could, every now and then, lose a buffer-full of data headed for a file on disk, as well. Again, to be painfully pedantic, one in ten thousand buffers is more of a problem than one in a hundred. You notice frequent dropped buffers, so you're likely to fix the problem. Infrequent dropped buffers tend to be not noticed until the data is lost. YMMD :-D Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87siir1rk5@deep-thought.43-1.org
Re: Bash usage: was implicit linkage
Don Armstrong d...@debian.org writes: On Sun, 12 Oct 2014, Steve Litt wrote: This essay practically screams out for somebody to write a C program that takes an argument of an arbitrary string, finds all files in a directory, and returns a long string with those files separated by the arbitrary string. You seem to be looking for find -print0; \0 is one of the few characters which is not valid to have in a file name. Sadly POSIX has no -print0 for find[1]. So if you are for some reason limited to POSIX, there is no nice solution. It's not like it's that hard to do this properly in a policy compliant POSIX shell, either. Use IFS and reset it as appropriate, or properly quote things. It's possible, but prone to errors. Ansgar [1] http://pubs.opengroup.org/onlinepubs/9699919799/utilities/find.html -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/85oatht9ci@tsukuyomi.43-1.org
Re: gpg errors NO_PUBKEY after aptitude update
severity 647001 important thanks Hi, Valery Mamonov valerymamo...@gmail.com writes: 2014-10-01 3:30 GMT+04:00 Ansgar Burchardt ans...@43-1.org: Valery Mamonov valerymamo...@gmail.com writes: I'm experiencing some troubles with updating my debian machine. After aptitude update i'm having multiple errors like these: W: GPG error: http://deb.ianod.es unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 498F1DF0598C5C38 Hmm, all the keys APT complains about come from /etc/apt/trusted.gpg? What happens if you move them to a file in /etc/apt/trusted.gpg.d? After moving trusted.gpg from /etc/apt to /etc/apt/trusted.gpg.d all keys were missing. I have manually added keys, but after 'aptitude update' I've got same result - all keys not found. The size of new /etc/apt/trusted.gpg was 0 kb. The size of new /etc/apt/trusted.gpg.d/trusted.gpg was ~106 kb. Are you using apt from experimental? With apt_1.1~exp3 I could reproduce the issue: /etc/apt/trusted.gpg is not world-readable and apt now uses a _apt user for some tasks. So it cannot access the public keys for verification. Please try making the keyring world-readable (chmod a+r ...). Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87h9zotgpt@deep-thought.43-1.org
Re: Let's have a vote!
On 09/30/2014 08:13, Mart van de Wege wrote: lee l...@yagibdah.de writes: Stephen Allen marathon.duran...@gmail.com writes: So, Lee why are you even here complaining about Debian - You've admitted you don't use it?! My server runs on Debian. So technically, I'm using it, and I don't feel like I'm using it. What difference does it make? Is there some sort of social contract you need to sign which forbids you to mention any disadvantages Debian might have and only allows you to praise its advantages? No, but there is some sort of social contract that says that fouling up a mailing list with pretty much the same whine every post is just plain rude. Maybe he doesn't know about such expectations as he keeps close to bad company like [1] which then flood various #debian-* IRC channels with that messages... ;) [1] http://www.debianuserforums.org/viewtopic.php?f=63t=3031start=50#p28957 Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/542a6dde.9050...@43-1.org
Re: gpg errors NO_PUBKEY after aptitude update
Valery Mamonov valerymamo...@gmail.com writes: I'm experiencing some troubles with updating my debian machine. After aptitude update i'm having multiple errors like these: W: GPG error: http://deb.ianod.es unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 498F1DF0598C5C38 [...] However, all these keys are present: LANG=C apt-key list /etc/apt/trusted.gpg [...] pub 4096R/598C5C38 2012-07-15 uid Filip Chabik (Hadret) had...@gmail.com sub 4096R/630AB798 2012-07-15 Hmm, all the keys APT complains about come from /etc/apt/trusted.gpg? What happens if you move them to a file in /etc/apt/trusted.gpg.d? Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87tx3ofzz7@deep-thought.43-1.org
Re: Let's have a vote!
lee l...@yagibdah.de writes: As I already said: try to get squid 2.7 started and stopped by systemd on a current Fedora installation. This is not the Fedora users list. Sure is, yet why tell me to make software nobody cares about. That won't get systemd out of Debian. Given you don't use Debian anyway[1], why do you care so much that Debian doesn't use systemd? [1] https://lists.debian.org/debian-user/2014/09/msg02180.html Also the topic of the mailing list is Help and discussion among users of Debian[2]. I think non-Debian users writing endlessly how much they dislike some software is definitely off-topic... [2] https://lists.debian.org/debian-user/ Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87r3yv53l7@deep-thought.43-1.org
Re: Challenge to you: Voice your concerns regarding systemd upstream
lee l...@yagibdah.de writes: I'm merely participating in the discussion and haven't entirely made up my mind what the issue actually is and what I should do. [...] Debian already lost me (after over 15 years) when they came up with their brokenarch and left users stranded with no possible fix for the things they broke. The only reason I'm here is because I have it running on my server, and the only reason I have it on my server is because it was the only distribution of those I tried with which I could get xen to work. I really didn't want to use Debian. If you don't want to use Debian then don't. But if you don't even want to use it, making lots of complaints about it seems uncalled for... When you look at [1], you even find people claiming that there has been a takeover of Debian and an abuse of the technical committee, and that silencing of people questioning systemd and Debians' ways is going on. [1]: http://www.debianuserforums.org/viewtopic.php?f=63t=3031 Yeah, probably the same person as [2] and [3]. Shocking that he gets banned time and time again... [2] https://lists.debian.org/debian-ctte/2014/03/msg3.html [3] https://lists.debian.org/debian-ctte/2014/02/msg00394.html Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/877g0nmvzo@deep-thought.43-1.org
systemd/cgroups changing permissions (was: Re: Effectively criticizing decisions you disagree with in Debian)
Hi Joel, Joel Rees joel.r...@gmail.com writes: (6) systemd and cgroups (at minimum) end up overriding the permissions system. It's bad enough having SELinux and ACLs brought in to knock holes in the permissions system, but when arbitrary non-kernel system functions start getting their hands into the equation, there is no way to be sure that when you set any particular file under /etc or under ~/ -- including /etc/ssh and ~/.shh -- as mode 740, that the effective permissions don't end up 666 or 1147. In this case, even pid 1 is a group of arbitrary non-kernel functions. Permissions and race conditions are not the only ways that the modularity of these technologies is broken. I'm not going to try to enumerate them here. I'm interested how use of systemd and cgroups will make a file in /etc/ssh or ~/.ssh change effective permissions. Could you explain that in simple, reproducible steps? Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/854mw0yc2g.fsf...@tsukuyomi.43-1.org
How to go back to sysvinit (was: Re: systemd-fsck?)
Hi, On 05/09/2014 12:35, Svante Signell wrote: Well, I've not been asked if I wanted to switch to systemd based boot when upgrading. I think this is a bug in init system choice and should be reported. How to go back to sysvinit? Please ask on one of the support mailing lists (CC'ed). Installed packages: ii libpam-systemd:amd64 204-10 ii libsystemd-daemon0:amd64 204-10 ii libsystemd-id128-0:amd64 204-10 ii libsystemd-journal0:amd64 204-10 ii libsystemd-login0:amd64 204-10 ii systemd 204-10 ii systemd-sysv 204-10 ii sysvinit 2.88dsf-53 ii initscripts2.88dsf-53 ii sysv-rc2.88dsf-53 Which ones can I safely remove when going back to sysvinit? You probably need to replace systemd-sysv with systemd-shim (to satisfy the dependency libpam-systemd) and install the package shipping /sbin/init instead (whatever it is called). Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/536cb764.1090...@debian.org
Re: Welke Debian versie is goed
Hi, debian-user@l.d.o is an English-speaking list. Please ask your question on the Dutch users' mailing list: debian-user-du...@lists.debian.org (also CCed to this mail). Ruben @ Ziggo ruben.d...@home.nl writes: Hallo, Debian ik heb een vraagje ik heb een server waar ik debian op wil draaien. nu is de vraag welke versie van debian ben ik nodig server eigenschappen 2x intel xeon 3,00 Ghz Duel core en 8 Gb werk geheugen Ecc. ik heb eerder ook een debian versie gebruikt maar die zag maar 3 van de 8 gb Ram Met vriendelijke groet Ruben Dijk Regards, Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87oc5gp6rc@marvin.43-1.org
Re: Welke Debian versie is goed
Hi, debian-user@l.d.o is an English-speaking list. Please ask your question on the Dutch users' mailing list: debian-user-dutch@lists.debian.org (also CCed to this mail). Ruben @ Ziggo ruben.d...@home.nl writes: Hallo, Debian ik heb een vraagje ik heb een server waar ik debian op wil draaien. nu is de vraag welke versie van debian ben ik nodig server eigenschappen 2x intel xeon 3,00 Ghz Duel core en 8 Gb werk geheugen Ecc. ik heb eerder ook een debian versie gebruikt maar die zag maar 3 van de 8 gb Ram Met vriendelijke groet Ruben Dijk Regards, Ansgar -- To UNSUBSCRIBE, email to debian-user-dutch-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Repositories now in use for Etch.
Lisi lisi.re...@gmail.com writes: My Google and Debian.org foo seem to have gone AWOL. I even thought that this question had been answered on this list and searched my emails. All to no avail. I know, or think that I know, that Etch has fallen over the cliff now that Squeeze is on the point of going Stable, and is now in the repository archives. But I can't find it. It's on archive.debian.org. Regards, Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87r5by5p0w@marvin.43-1.org
Re: how to install on Mac ibook
Hi, abdelkader belahcene abelahc...@gmail.com writes: I want to install debian on ibook PowerPc, but !!!m I dont know how to start the machine from the CD. I think you have to press C or some other key during startup. If it's a different key, the included documentation or Google should know. Regards, Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87d3shq0b2@marvin.43-1.org
Re: aptitude called chromium-browser obsolete
Hi, Gilbert Sullivan whirly...@comcast.net writes: I don't remember seeing chromium-browser on the removal lists. Did I miss it, or is something else afoot? Chromium has been removed[1] from testing yesterday. See also the discussion[2] on debian-rele...@l.d.o. Regards, Ansgar [1] http://packages.qa.debian.org/c/chromium-browser/news/20100908T163916Z.html [2] http://lists.debian.org/debian-release/2010/09/msg7.html -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87hbi0xhu9@marvin.43-1.org
Re: Locate older debian packages
Hi, Panayiotis Karabassis pan...@gmail.com writes: I need to downgrade a package due to a bug. However the older package version is no longer available from apt. Is there a way to find the older .deb? If it is of any importance I am searching for the eclipse version prior to 3.5.2-5. Try snapshot.debian.org. And remember to report the bug so it gets fixed ;) Regards, Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/874ofw0yj9@marvin.43-1.org
Re: kde4: crash after login
Hi, Antonio Diaz Sanchez adiazsanc...@yahoo.es writes: I am using Debian Sid. After doing the login (by using either KDM or GDM) KDE seems to crash, and the only thing I can see is the mouse pointer over a black screen. Do you have plasma-desktop installed? After upgrading to KDE 4.4, I ended up with plasma-netbook, but a configuration that expected plasma-desktop which didn't work correctly (no taskbar etc.). After installing plasma-desktop by hand, everything worked perfectly :) Regards, Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87fx20cgov@marvin.43-1.org
system-test upgrade
Hallo Detlef, versuche gerade mal wieder ein apt-get upgrade, momentan sind alle pakete verfügbar. am besten ist es neu zu booten. Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100413203711.02da7d32.pflip...@ti.rwth-aachen.de
Re: /etc/group
Hi, Alexey Salmin alexey.sal...@gmail.com writes: Hello! /etc/group in default debain installation contains dozens of groups and I'm wondering: how to determine their purpose? Which package did some specific group came from? What purpose does it serve? Users and groups that are not created on package installation are documented in the base-passwd package. For example, for the ssh group you mention it contains the following information: ssh: ssh-agent is setgid to ssh in order to prevent ptrace attacks. Regards, Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87aaurt1g1@marvin.43-1.org
Debian on the ASUS EeePC 1005PE
Hi,
I got an ASUS EeePC 1005PE a few days ago and am trying to install
Debian testing on it.
There have been several problems so far:
1. My model has a different wireless card that listed on [1] that was
not yet supported by Debian's Linux kernel. It seems to be the card
that is listed for the 1001P and 1005P.
There was a patch [2] to add support for this card. I tried to backport
it the Debian's kernel (patch attached). So far I can scan for wireless
networks, but I did not manage to set up hostap or ad-hoc mode to
connect to my other computer (I don't have an access point available
here).
[1] http://wiki.debian.org/DebianEeePC/Models
[2] http://bugzilla.kernel.org/show_bug.cgi?id=15180
2. The Ethernet card disappeared completely. It did no longer show up
in the output from lspci, nor was it accessible in Windows. This
problem persisted over shutdowns as well. Removing the battery and
disconnecting the power supply luckily made the card show up again.
A patch was available for this issue on a different EeePC model [3].
This one was not so easy to backport, so I just changed it to disable
hot-plug always (patch attached). This solved this issue for me: the
Ethernet card does no longer disappear.
[3] http://bugzilla.kernel.org/show_bug.cgi?id=14570
3. I still have problems connecting the EeePC to my DSL modem.
I can connect the EeePC to my other computer via Ethernet, but when I
connect it to the DSL modem it does not work correctly: I can see
incoming packages, but outgoing packages (DHCP, ARP requests) do not
seem to make it to the DSL modem: The activity indicator there does show
nothing in this case. Windows has the same problem, but I think it
managed to get an IP address once (it usually does not, same as
Debian).
I think this last problem might be an issue with the cable, but it
prevents me to connect the EeePC to the Internet as I didn't manage to
connect both computer via wireless LAN either. I am thus stuck with a
base system for now as I used a netinstall CD image.
Ideas how I can continue to investigate these problems are welcome :)
Regards,
Ansgar
From 5ffaf8a361b4c9025963959a744f21d8173c7669 Mon Sep 17 00:00:00 2001
From: Luis R. Rodriguez lrodrig...@atheros.com
Date: Tue, 2 Feb 2010 11:58:33 -0500
Subject: [PATCH 1/1] ath9k: add support for 802.11n bonded out AR2427
Some single chip family devices are sold in the market with
802.11n bonded out, these have no hardware capability for
802.11n but ath9k can still support them. These are called
AR2427.
Cc: sta...@kernel.org
Reported-by: Rolf Leggewie bugzilla.kernel@rolf.leggewie.biz
Tested-by: Bernhard Reiter ock...@raz.or.at
Signed-off-by: Luis R. Rodriguez lrodrig...@atheros.com
Signed-off-by: John W. Linville linvi...@tuxdriver.com
(Backported for Debian by Ansgar Burchardt ans...@43-1.org)
--- a/drivers/net/wireless/ath/ath9k/hw.c
+++ b/drivers/net/wireless/ath/ath9k/hw.c
@@ -398,7 +398,6 @@ static void ath9k_hw_init_config(struct ath_hw *ah)
ah-config.pcie_clock_req = 0;
ah-config.pcie_waen = 0;
ah-config.analog_shiftreg = 1;
- ah-config.ht_enable = 1;
ah-config.ofdm_trig_low = 200;
ah-config.ofdm_trig_high = 500;
ah-config.cck_trig_high = 200;
@@ -412,6 +411,11 @@ static void ath9k_hw_init_config(struct ath_hw *ah)
ah-config.spurchans[i][1] = AR_NO_SPUR;
}
+ if (ah-hw_version.devid != AR2427_DEVID_PCIE)
+ ah-config.ht_enable = 1;
+ else
+ ah-config.ht_enable = 0;
+
ah-config.intr_mitigation = true;
/*
@@ -617,6 +621,7 @@ static bool ath9k_hw_devid_supported(u16 devid)
case AR9285_DEVID_PCIE:
case AR5416_DEVID_AR9287_PCI:
case AR5416_DEVID_AR9287_PCIE:
+ case AR2427_DEVID_PCIE:
return true;
default:
break;
--- a/drivers/net/wireless/ath/ath9k/hw.h
+++ b/drivers/net/wireless/ath/ath9k/hw.h
@@ -37,6 +37,7 @@
#define AR9280_DEVID_PCI 0x0029
#define AR9280_DEVID_PCIE 0x002a
#define AR9285_DEVID_PCIE 0x002b
+#define AR2427_DEVID_PCIE 0x002c
#define AR5416_AR9100_DEVID 0x000b
#define AR_SUBVENDOR_ID_NOG 0x0e11
#define AR_SUBVENDOR_ID_NEW_A 0x7065
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -1541,11 +1541,13 @@ void ath_set_hw_capab(struct ath_softc *sc, struct ieee80211_hw *hw)
hw-flags = IEEE80211_HW_RX_INCLUDES_FCS |
IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING |
IEEE80211_HW_SIGNAL_DBM |
- IEEE80211_HW_AMPDU_AGGREGATION |
IEEE80211_HW_SUPPORTS_PS |
IEEE80211_HW_PS_NULLFUNC_STACK |
IEEE80211_HW_SPECTRUM_MGMT;
+ if (sc-sc_ah-caps.hw_caps ATH9K_HW_CAP_HT)
+ hw-flags |= IEEE80211_HW_AMPDU_AGGREGATION;
+
if (AR_SREV_9160_10_OR_LATER(sc-sc_ah) || modparam_nohwcrypt)
hw-flags |= IEEE80211_HW_MFP_CAPABLE;
--- a/drivers/net/wireless/ath/ath9k/pci.c
+++ b/drivers/net/wireless/ath/ath9k/pci.c
@@ -25,6 +25,7 @@ static struct pci_device_id ath_pci_id_table[] __devinitdata = {
{ PCI_VDEVICE(ATHEROS, 0x0029) }, /* PCI */
{ PCI_VDEVICE(ATHEROS, 0x002A) }, /* PCI-E */
{ PCI_VDEVICE(ATHEROS, 0x002B
Re: Debian on the ASUS EeePC 1005PE
Hi, Guillermo Garron guillermo.fed...@gmail.com writes: 3. I still have problems connecting the EeePC to my DSL modem. I can connect the EeePC to my other computer via Ethernet, but when I connect it to the DSL modem it does not work correctly: I can see incoming packages, but outgoing packages (DHCP, ARP requests) do not seem to make it to the DSL modem: The activity indicator there does show nothing in this case. Windows has the same problem, but I think it managed to get an IP address once (it usually does not, same as Debian). Try adding a fixed IP, not using the DHCP, in your other PC check the IP and mask it has, and put manually some in the same range to your Eee, do not forget to also add a default route and a DNS server. I did already try to do so. When I ping the gateway, I can see my computer sending ARP requests (via tcpdump), but there is no reply to them. The activity indicator on the DSL modem also shows nothing. Regards, Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87r5oiwkwx@marvin.43-1.org
Re: Showing only files on a virtual desktop
Hi, Ogya Chief ogyach...@hotmail.com writes: I am running sid and kde desktop and I want to see only the files associated with a particular virtual desktop and not all open files on other virtual desktops in the panel. I have checked the online kde manual but I did not see anything on this issue. Is it possible to do that? I want to avoid clutter of the desktop as well as the panel. I am not sure what you mean by files associated with a virtual desktop. If you want to only see tasks for the active desktop in the task bar, you can do so by right-clicking on the task bar, Task Manager Settings, select Only show tasks from the current desktop in the Filters section of the General tab. Regards, Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: serious problems with mutt
Hi, Bernard bdebr...@teaser.fr writes: Now, on my laptop running Ubuntu 8.04 (Hardy Heron), my mutt is still using esmtp. And it seems to operate all right. But, with my 3 months old Lenny system on my desktop, I can't get mutt to work ! Here, I have to use 'exim4', and I have spent many hours turning around dpkg-reconfiguring exim4-config so many times. Why should you have to use exim? Just install esmtp instead and you should be fine. Regards, Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: vsftpd runs then stop for remote access
Hi, abdelkader belahcene abelahc...@gmail.com writes: I install vsftp as sererver on ubuntu 9.10 Please refer to the Ubuntu user technical support mailing list [1] for problems with Ubuntu. Regards, Ansgar [1] https://lists.ubuntu.com/mailman/listinfo/ubuntu-users -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
